Sophos

W32/Anset

Aliases
  • W32/Anset-A
  • W32/Anset-B
  • I-worm.Anset.a
  • I-worm.Anset.b
  • W32.Anset.Worm
  • W32/Anset@mm

Summary

 
Included in our products from: December 2001 (3.52)
Detected by: All Sophos products

More Information

W32/Anset spreads as an email attachment named ants3set.exe, posing as an update for a German Trojan horse scanner.

The subject of the email is "ANTS Version 3.0" and the message text (in the W32/Anset-A variant) reads:

Hi,

anhängend findest Du die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angehängte Setup-Datei ausführen.

attached you will find the brandnew version 3.0 of ANTS the unique trojan defense system. To install ANTS simply run the attached Setup-File.

Adieu, Andreas
webmaster@avnetwork.de
http://www.ants-online.de

In the W32/Anset-B variant the message reads:

Hi,

Anhängend die neue Version 3.0 von ANTS, dem bislang einzigartigen kostenlosen Trojanerscanner. Zum installieren einfach die angefügte Datei ausführen.

Attached you will find the brand new Version 3.0 of ANTS, the unique freeware trojan scanner. To install ANTS simply run the attached setup file.

Adieu, Andreas
webmaster@avnetwork.de
http://www.ants-online.de

When the worm is run, it creates a copy of itself with a random name in the Windows directory and adds a registry value containing the name of the file to HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce. It then searches the Outlook address book and examines files with the extensions .CGI, .HTM, .SHTM, .PHP and .PL to find email addresses to which it can spread.
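
The subject line and attachment name quoted above can be checked at a mail gateway or against a mailbox export. The following is an added example, not Sophos code: the function names, the block/review/pass verdicts and the sample messages are assumptions made for illustration, and only the subject and attachment name come from this description.

```python
import email
from email import policy
from email.message import EmailMessage

# Indicators quoted in the description above, compared case-insensitively.
ANSET_SUBJECT = "ants version 3.0"
ANSET_ATTACHMENT = "ants3set.exe"

def anset_indicators(raw_message: bytes) -> list:
    """Return which W32/Anset indicators appear in one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    if str(msg.get("Subject", "")).strip().lower() == ANSET_SUBJECT:
        hits.append("subject")
    for part in msg.walk():  # walk() also reaches nested multipart parts
        name = part.get_filename()
        if not name:
            continue
        # Drop any path prefix a client may have put in the filename.
        base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().lower()
        if base == ANSET_ATTACHMENT:
            hits.append("attachment")
            break
    return hits

def verdict(raw_message: bytes) -> str:
    """Attachment name is the strong signal; the subject alone only merits review."""
    hits = anset_indicators(raw_message)
    if "attachment" in hits:
        return "block"
    return "review" if hits else "pass"

def build_sample(subject: str, filename: str = None) -> bytes:
    """Constructed test message; the attachment body is a harmless placeholder."""
    m = EmailMessage()
    m["From"] = "sender@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = subject
    m.set_content("constructed body text")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for subj, fname in [("ANTS Version 3.0", "ants3set.exe"),
                        ("ANTS Version 3.0", None), ("Minutes", "notes.txt")]:
        print(subj, fname, "->", verdict(build_sample(subj, fname)))
```

Because the worm's on-disk copy has a random name, the fixed attachment name is only useful at the mail layer; on a host, the RunOnce value described above is the place to look.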
